A tech blog which focuses on virtualization

Primary Menu

I recently had a strange problem with SRM 6.5 when I tried to open it in the flash or HTML5 client. Error said, “Failed to retrieve pairs from Site Recovery Manager Server at https://SRMaddress:9086/vcdr/vmoni/sdk. Cannot complete login due to an incorrect user name or password”. No service account passwords were recently changed. The error did not specify what user name failed.

I checked out SRM’s logs, which are located in C:\ProgramData\VMware\VMware vCenter Site Recovery Manager\Logs. I found only found one set of errors in the log. The message displayed another administrator, but nothing that SRM should be trying to use. A few messages in it were, “AuthorizeManager::AddCOnnection returned false for user…” and “Failed to login session…Insufficient privileges for user…”.

I could not find any information on any of the errors, except for a VMTM community post that saved me. The answer was so simple that I did not believe it would work until I tried it for myself. Daniel Soltau had a comment to login to vCenter at both sites in separate clients at the same time. It worked! SRM opened fine. I wanted to post this solution in hope that this reaches more people that have this strange SRM problem.

I deployed a Cisco UCS B200 server with a VIC 1380 and created a service profile from a template I always use. I assigned the service profile to the server and installed ESXi. I noticed the server was having network connectivity problems. It was intermittently dropping packets on a continuous ping.

I narrowed down that the issue was only occurring on a NIC going though Fabric Interconnect A. The network connectivity was fine on Fabric Interconnect B. No other servers were having the issue. I did more troubleshooting at that point with Cisco TAC.

Turns out the service profile was the issue. I unassigned the service profile, created a new profile from the same template, and assigned it to the server. Then network connectivity was working fine.

Next week will be one year since I launched my blog. I started off strong with posting articles and then I started to slip. I wish I had more time to write articles. I was tied up preparing for the VCAP6-DCV Design Exam the last few months of last year. It took more time than I expected to pass it. Then I started a new job in December, which has been keeping me quite busy. I am not focusing on VMware as much with this job as compared to my two previous jobs. I am working a lot with storage and Windows Server Failover Clustering. I am getting more settled into the job and hope to be able to write more articles.

I finally passed the VCAP6-DCV Design Exam after about 4 months of studying. This makes me a VCIX since I passed the VCAP5-DCA last year. I do not recommend anyone to take this exam.

I thought I could be different than the many others that failed the test their first and second attempts. However, I was like a lot of other people. This exam is extremely difficult and has many flaws.

My biggest complaint was on a drag and drop question. I was frustrated because I studied a lot and from many different sources. I was surprised to not be familiar enough to even attempt to answer one question. I eventually figured out why I was not ready for the question. It was based on a 5.5 objective; Describe layered security considerations, including but not limited to Trust Zones. That objective is not on the 6 exam objectives. I used many different sources when studying and no one mentioned this topic. VMware should base the exam off of the objectives they list on their site for the respective version of the exam.

I have a smaller example of another flaw. A host is referred to by different words on various questions. Sometimes a host was called a server or node. One questions used the word server to refer a host and also for a virtual machine from what I gathered by the context of the question.

On the other hand, the deploy exam was straight forward and a rewarding experience. I gained a lot from it and knew where I stood when studying and taking the exam. The design exam is the complete opposite.

I see why many others, including VMware employees, recommend to not even take the VCAP6-DCV design exam. I completely agree. I highly recommend to take the VCP 6.5 and then take the VCAP on 6.5 if that’s what it takes to avoid the VCAP6 design exam.

VMware’s KB 2113917 for repointing vCenter to a new PSC within the same site on vSphere 6 is straightforward. Only requires one command to run on the vCenter Server. However, the repoint will not work if the proxy setting is enabled on the vCenter Server. This is a bug and hopefully will be fixed in a future patch.

Below is the error message after running the repoint command with the proxy enabled.

Using curl to test the port connectivity was fine for port 443 on the PSC. I could even access the page that is in the error message. tcpdump between the vCenter Server and PSC showed information on the proxy. That is odd since the repoint shouldn’t need a proxy. The proxy is there so the vCenter Server can get out for updates.

The proxy can be disabled on the vCenter Server’s Appliance Management UI; https://:5480 Then go to Networking…Proxy Settings…Edit and uncheck ‘Use a proxy server’. Restart the vCenter Server and run the repoint command again.

I am studying for the VMware Certified Advanced Professional 6 – Data Center Virtualization Design Exam. I started to prepare for the exam this month and plan to take it in December. I had to hunt for good study material because VMware does not offer much. Only a blueprint, which is not even in a PDF. I contacted VMware education and was told the certification page with the blueprint is it. However, vMusketeers has made a spreadsheet with the blueprint. It includes the links that makes keeping track of studying easier because there are a lot of white papers to read. Also, check out the certification tab on the vMusketeers blog. There is additional information such as a practice quiz and useful links.

An absolute necessity is reading two articles on Jordan’s Roth’s blog; Scoring for VCAP6 Design Exams and VCAP6 Design Tips, Tricks and New Features. Read the comments on those two articles too. Jordan use to work for VMware on a team that created this exam. I think the information in those articles should be on VMware’s site so everyone has easy access to it. Here’s something funny Jordan said in one of his comments when someone questioned him. Jordan, “Well, since I designed the VCAP6 design exams myself, you can take my word for it or what you read somewhere else 🙂”

I highly recommend to watch the VCAP6-DCV Design Series on YouTube hosted by vBrowBag. They have a video for 11 of the 16 exam objectives. The videos are hosted by many VMware veterans and even some VCDXs. The few I watched so far have offered good, deep explanations.

There are two Google Communities to monitor; VCAP-DCD Study Group and VCAP6-DCV Design. The latter is more current. I recommend to spend as much time as possible to read every post, even if it goes back over a year ago when the VCAP6 was not yet leased. A lot of the 5.5 content is still every relevant.

Virtualtiers.net has a simulator, multiple choice questions, and drag/drop questions. I think it is based on the 5.5 objectives, but its worth going through to get a feel for the simulator and drag/drop questions. VMware has their official VCAP Datacenter Design Simulation, which is a Flash based walk through.

This should help someone get started on studying for the VCAP6-DCV Deploy exam. I will make an additional post after I take the exam. For now, I have plenty of content to keep myself busy for the next couple of months.

Dell Compellent’s Storage Manager has many tools for managing, monitoring, and reporting. I will focus on one performance metric which is transfer latency. Of course, monitoring displays the performance of many aspects of the SAN. Transfer latency monitors more than just the SAN. It measures latency from every point, which is the NIC on the host and everything in between connecting to the back end of the SAN.

Tracking the source of the transfer latency can be difficult since there are many places to check. However, somethings can be done to narrow it down. Storage Manager can drill down to many levels such as the disks to monitor latency. If the transfer latency follows directly with write latency, then the problem is most likely not with Compellent. ESXTOP can be used on the host side, but can be difficult to know exactly what is causing the latency.

Compellent has documentation that pointed me in another direction which was network switch configurations. Compellent has best practice documents available for many switches. Link level flow control needed to be enabled on each switch port the Compellent controllers are connected to on a Cisco Nexus 5548UP switch. This change can be made with no down time to VMs. Change one port’s configuration at a time as a precaution. Below is the configuration provided by one of Compellent’s documents. Transfer latency went dramatically down as soon as the ports were reconfigured.

I am in the process of upgrading three vCenter Servers on 5.5 to 6. SSO was embedded on all three and SSO has been recently externalized to Windows Servers. The next step is to use the vCenter Server Migration Tool to migrate each SSO 5.5 server to PSC 6 appliance.

I went through the migration wizard and the migration was on its way. The PSC was deployed and the progress bar on the migration was moving along. However, when I opened the console for the PSC, there was an error; Upgrade EXPORT failed. Then the migration never finished.

I ran the migration again with VMware support since they did not know what could be causing the issue. I opened up the console for the PSC as soon as it was deployed and there was a quick message to look at UpgradeRunner.log. However, there was nothing useful in that log. Then checked out upgrade-export.log.

There were network related errors in upgrade-export.log. I knew I inputted everything correctly into the migration wizard and there was nothing that would block communication between anything involved. The IPv6 address in the log stuck out to me. The SSO Windows Server had a IPv6 address, but the wizard never asked for anything IPv6 related. I disabled IPv6 on the SSO server, ran the migration again, and everything went well.

Here’s one way to view the PSC’s logs. At the PSC’s console, hit Alt+F1. Then type the commands below.

Moral of the story is to disable IPv6 on all VMware related servers before using the vCenter Server Migration Tool. Then enable it after everything is on 6. This is just to be safe in case any other of the upgrades or migrations have similar issues. VMware support said they will have a knowledge base article on this issue. When they do, I will edit this article with a link so everyone can check out the latest directly from VMware.

I attended the AWS Public Sector Summit in Washington, DC this week. I usually do not attend so many conferences. This should be my last one for a while. I just happen to live nearby so I didn’t want to pass on the opportunity to learn more about AWS.

The keynotes were not really what a typical keynote address is at a conference. They were only a few minutes of announcements and then a few customer stories each day. The biggest announcement was GovCloud East is coming in 2018. Though, a more specific time frame would have been better received.

There were a lot of break sessions to choose from. There was a session on VMware Cloud on AWS. I don’t think there was any big news and sadly still no date for GA. Here’s a few things I got out of the session. Customers will purchase this service from VMware. AWS services will be billed separate from VMware by Amazon. All AWS services can be accessed from a customer’s VMware cluster, which will be hosted at a AWS data center. ESXi will boot from a EBS volume and no root access to the host for customers. The underlying storage for the VMs will be vSAN, which is a minimum of 4 hosts. Elastic DRS will be able to bring up a new host fast. I think within minutes. However, removing a host will take more time as data needs to be moved from the disks on the host.

I attended a fascinating session hosted by Kevin Murphy, Program Executive Earth Science Data Systems at NASA. He talked about and showed some of the projects NASA has been working on and how they leverage AWS. Some of NASA’s projects pull in petabytes of data ever day from satellites. The data is available for free for every person and company in the world. Kevin demonstrated one of his projects called Worldview, which I provided a description below. I highly recommend everyone to check it out. You can add an assortment of layers with various information, such as all major fires around the world and by date.

This tool from NASA’s EOSDIS provides the capability to interactively browse global, full-resolution satellite imagery and then download the underlying data. Most of the 150+ available products are updated within three hours of observation, essentially showing the entire Earth as it looks “right now”. This supports time-critical application areas such as wildfire management, air quality measurements, and flood monitoring. Arctic and Antarctic views of several products are also available for a “full globe” perspective. Browsing on tablet and smartphone devices is generally supported for mobile access to the imagery.

I’m sure Amazon will be looking to expand the event next year. I heard the attendance was at least 7,500 before Tuesday afternoon, which seemed to catch Amazon by surprise. Despite the crowds, I had a good time and learned a lot during my two days at the event .

I think the equipment an IT professional uses in their home and the time they take at home for technology is a reflection of their dedication. Keeping up with technology is hard to do solely at work. Using various devices and software at home is one way to help broaden one’s knowledge.

The cornerstone of my home network is a box running Sophos XG Firewall Home Edition. Sophos is more than just a firewall. It can do anti-malware scanning, IPS, VPN, and many other services. I can talk a lot about my experiences with Sophos. I will write deep drive of Sophos XG Firewall in a future article.

My wired devices are connected to a 8 port gig Meraki switch, MS220-8. I use a Meraki MR33 for a 802.11ac wireless access point. Both devices are cloud managed. I was a little skeptical at first, but I can now really say that I like Meraki’s dashboard that allows management of my devices. The dashboard allows a lot of configuration to be done before a customer even receives the devices. Then the device will pull down the config once it’s connected to the network.

I do not work in networking so I enjoyed seeing a different side then I am use to at work. I am not taking advantage of all features, but I enjoy testing what I can do. A wifi guest network can be easily isolated. Also, packet capture can be easily ran from the dashboard against an AP or port of the switch.

I, of course, build my own computers and enjoy the process. Though, I’m really due for building a new one. My computer is showing it’s age with an i7 Ivy Bridge, but it still gets the job done. I use VMware workstation when I want to spin up some VMs.

Here’s a couple device a have for fun. I have a Raspberry Pi, which I currently run RetroPie on it. RetroPie is loaded with emulators and makes it easy to play some classic games. I have a Steam Link that allows me to stream games from my computer. I got it on sale for $30 and it can stream anything from my computer so even non-gamers may find a use for it.

The most odd ball set of devices I have are MoCA network adapters, ECB2500C. MoCA is fun to say and an easy way to expand a home network over existing coaxial cable. For example, I live in an apartment that already had coaxial ran to a room that I wanted a wired connection. I just added couple of the adapters to easily extend my network.

My home setup is small, but I consider it elaborate and to the point. My goal is for it to be secure and easily functional for home related devices. I am not one for having devices for the sake of having them. I like to make sure I use everything I have.